Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/SkiExnp0JW-PS6NZcAt-ZWSbcDg.roa
File:                     SkiExnp0JW-PS6NZcAt-ZWSbcDg.roa (raw, json)
Hash identifier:          rUnKRNAoNg+9eHES7XF0z7JvUhKIpZXauuhKnyg57o4=
Subject key identifier:   4A:48:84:C6:7A:74:25:6F:8F:4B:A3:59:70:0B:7E:65:64:9B:70:38
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01975A28E197739BFD35B696C8933F46538E
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/SkiExnp0JW-PS6NZcAt-ZWSbcDg.roa
Signing time:             Tue 10 Jun 2025 14:05:17 +0000
ROA not before:           Tue 10 Jun 2025 14:05:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        89.251.10.0/24 maxlen: 24
                          185.215.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:28:e1:97:73:9b:fd:35:b6:96:c8:93:3f:46:53:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jun 10 14:05:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a4884c67a74256f8f4ba359700b7e65649b7038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:12:ab:91:11:91:48:54:48:32:e0:1b:d8:4b:
                    57:64:a4:5f:f4:17:cc:5f:2b:0f:de:11:e1:b7:49:
                    58:b5:3b:54:76:ae:43:6f:7c:69:b2:7b:c6:66:d2:
                    64:40:78:99:f2:e4:3f:52:13:9a:7e:a3:e0:cc:b9:
                    65:88:0c:20:09:8f:e3:78:99:d5:cc:f9:31:dc:f9:
                    26:12:ed:84:4d:de:19:43:b0:d5:35:15:a9:13:57:
                    46:90:dd:b2:72:e2:2c:54:ea:01:ca:73:bb:51:ca:
                    4d:38:0f:36:7b:69:78:f1:e2:45:49:ee:e8:44:8a:
                    62:ef:13:ca:fa:53:4c:df:4f:95:bd:93:69:30:b0:
                    30:0b:f5:68:f4:a7:f9:45:dc:18:50:9e:b5:bd:17:
                    a5:a9:4e:97:90:e3:c1:29:a6:12:18:46:0a:9f:5b:
                    95:bb:0d:e7:3a:1d:67:88:de:74:5d:7d:f8:05:80:
                    e5:10:4d:8c:65:c6:85:7d:d1:ff:98:7f:38:1c:5d:
                    56:1c:25:60:60:9b:88:95:63:54:54:d0:aa:e1:ec:
                    0a:fb:16:43:67:7e:26:14:b3:90:35:0c:a7:f6:a0:
                    7a:6a:29:25:b7:5e:68:c8:05:e6:4f:e3:a4:bc:fa:
                    0b:ae:d8:b9:57:24:55:f8:3f:28:36:45:50:8b:55:
                    9e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:48:84:C6:7A:74:25:6F:8F:4B:A3:59:70:0B:7E:65:64:9B:70:38
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/SkiExnp0JW-PS6NZcAt-ZWSbcDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.10.0/24
                  185.215.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:04:ef:18:46:13:ee:9c:a1:48:d8:55:01:5f:3e:93:06:1d:
         b5:81:48:e5:5f:b9:54:12:39:67:28:00:a9:c3:f9:51:04:08:
         c7:20:02:d1:95:2e:e0:92:ec:4e:11:c0:d9:3e:8a:8d:26:09:
         d8:c6:89:09:a7:a1:dd:7c:33:1c:40:1a:8d:8c:71:7f:84:da:
         3e:36:84:7c:b4:40:c6:8b:c0:74:18:93:95:c0:d1:bc:57:22:
         05:dd:57:98:a1:82:f7:b3:c7:f4:b6:95:a5:5a:15:d9:f3:2b:
         46:ec:9c:cd:72:52:05:8f:89:75:27:f6:8e:39:37:0b:2d:6b:
         fb:b9:16:0e:c4:e9:a3:cf:7b:c3:ba:54:31:53:30:9a:10:a2:
         88:85:56:3c:63:1e:5a:e8:3f:0e:66:3b:79:b6:89:ea:a6:51:
         53:d3:2a:eb:17:ad:b6:40:db:f7:ab:20:92:74:ae:ec:06:63:
         5d:3e:ff:b0:3d:b6:dd:8d:18:95:51:d6:c4:f2:88:b5:d4:ad:
         ab:01:a0:95:11:8a:a5:1b:d5:bb:f4:a0:a8:58:8a:31:76:ea:
         45:73:a1:be:fe:64:2f:1f:55:22:97:a8:05:ba:80:ec:62:67:
         20:17:13:b8:20:23:e6:56:fa:52:0e:c5:e8:13:75:c3:e7:20:
         30:d3:03:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdaKOGXc5v9NbaWyJM/RlOOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNjEwMTQwNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQ4ODRjNjdhNzQyNTZmOGY0YmEzNTk3MDBiN2U2NTY0OWI3MDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBKrkRGRSFRIMuAb2EtXZKRf9BfM
XysP3hHht0lYtTtUdq5Db3xpsnvGZtJkQHiZ8uQ/UhOafqPgzLlliAwgCY/jeJnV
zPkx3PkmEu2ETd4ZQ7DVNRWpE1dGkN2ycuIsVOoBynO7UcpNOA82e2l48eJFSe7o
RIpi7xPK+lNM30+VvZNpMLAwC/Vo9Kf5RdwYUJ61vRelqU6XkOPBKaYSGEYKn1uV
uw3nOh1niN50XX34BYDlEE2MZcaFfdH/mH84HF1WHCVgYJuIlWNUVNCq4ewK+xZD
Z34mFLOQNQyn9qB6aiklt15oyAXmT+OkvPoLrti5VyRV+D8oNkVQi1WefwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEpIhMZ6dCVvj0ujWXALfmVkm3A4MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvU2tpRXhucDBKVy1QUzZOWmNBdC1aV1NiY0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfsKAwQA
udf3MA0GCSqGSIb3DQEBCwUAA4IBAQClBO8YRhPunKFI2FUBXz6TBh21gUjlX7lU
EjlnKACpw/lRBAjHIALRlS7gkuxOEcDZPoqNJgnYxokJp6HdfDMcQBqNjHF/hNo+
NoR8tEDGi8B0GJOVwNG8VyIF3VeYoYL3s8f0tpWlWhXZ8ytG7JzNclIFj4l1J/aO
OTcLLWv7uRYOxOmjz3vDulQxUzCaEKKIhVY8Yx5a6D8OZjt5tonqplFT0yrrF622
QNv3qyCSdK7sBmNdPv+wPbbdjRiVUdbE8oi11K2rAaCVEYqlG9W79KCoWIoxdupF
c6G+/mQvH1Uil6gFuoDsYmcgFxO4ICPmVvpSDsXoE3XD5yAw0wO5
-----END CERTIFICATE-----